On Wednesday, 9 November 2016 3:51:58 AM ACDT Carlos E. R. wrote:
On 2016-11-08 19:28, Greg Freemyer wrote:
On Tue, Nov 8, 2016 at 12:53 PM, Lew Wolfgang
wrote: On 11/08/2016 09:43 AM, John Andersen wrote:
Can't you add a FQDN to fail2ban instead of an IP?
...
In the fail2ban config on that server I have:
ignoreip = 1.2.3.4 where that would be my home IP.
The doubt is whether you could place there the DNS name of your home IP, not the IP itself.
I was thinking the same thing. If you use a dynamic DNS service for your home IP then you could use the FQDN of your home connection in the fail2ban config, if that is supported. I do see an issue with that, though - every connection attempt would trigger a reverse DNS lookup to get the hostname associated with the source IP address, which would consume a lot of resources, both on the host running fail2ban and lots of unnecessary DNS requests (especially in the case of a botnet attack from lots of spoofed IP addresses). Regards, Rodney. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au ============================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org